search for: objectcategori

Hi all! I'm attempting to configure sudo rights from Samba ldap. Alas, libsssd_samba receives 0 rules and config doesn't work. I think I have the problem identified here but I don't understand why. The way sssd_sudo searches for sudoers leave all important attributes out and of course filtering then fails. Can you help me to understand why following search results are so different (and

Hi, I'm having hard time getting sssd_sudo to work: when sssd_sudo accesses Samba ldap with host principal 'dc1$@teemu.local' it can't read necessary attributes like objectclass: sudoRole. When accessing as Administrator all attributes are shown. How can I enable other users then Administrator to access sudoers' attributes? Below is an example. [root at dc1 var]# kinit

I have a test setup of samba 4.1.6 under ubuntu 14.04. When I do the query shown at https://wiki.samba.org/index.php/Using_RFC2307_on_a_Samba_DC#Check_if_NIS_Extensions_are_installed_in_your_Directory it shows I have the ypServ30 container installed. If I change this query to -s sub then I find 3 entries in that subtree (see [1] below) However the full schema in

Roland, Thank you very much for your attention to this. You should get a medal for all the help you give everyone on this list. On Sun, 10 May 2015, Rowland Penny wrote: > Why ? And why don't they show up when you ask for the zones with samba-tool ? I have that many subnets. As for why they don't show up: they are defined in BIND's configuration and not samba's; they never

Hello, Is it not Samba that is listening to the LDAP ports and is serving me the answer to my query? This problem does not only happen when the LDAP database is searched using ldapsearch, it happens also using other tools that connect to the LDAP ports. I still don't fully grasp what this has to do with the uniqueness of the sAMAccountNames - they are unique throughout my directory and I

Guys needing some help with LDAP queries against samba4 this command works against MS AD's LDAP (&(objectCategory=person)(objectClass=user)(mail=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2))) but with samba4 I get C:\Users\Administrator>dsquery * --filter (&(objectCategory=person)(objectClass=user)(mail=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2))) I get the

Thank you Kees. On Mon, 6 Nov 2023 at 09:37, Kees van Vloten via samba <samba at lists.samba.org> wrote: > I am currently running at 4.19.2 but I have run 4.18.6 and 4.18.5. I did > not experience any issues with nested group lookups, which many of the > filters rely on. Interestingly, I've now found that (on my current DCs, running 4.18.5), ldbsearch *does* seem to return the

NOBODY updates my scripts! Except whoever wants, of course. ;) Would you mind going into details regarding you changes? Ole On 09.02.2017 12:02, Rowland Penny via samba wrote: > On Thu, 9 Feb 2017 11:26:55 +0100 > Ole Traupe <ole.traupe at tu-berlin.de> wrote: > >> But I got the timestamp subtraction constant right from the beginning! > > Hope you don't mind but

Hi all On latest samba 4.2.1 I have provisioned a new domain on DC1 that successfully reads RFC2307 attributes set on a user account through ADUC. wbinfo (correct uid gets resolved from sid) wbinfo -n fsmith S-1-5-21-1273750850-484487853-1026460749-1120 SID_USER (1) wbinfo -S S-1-5-21-1273750850-484487853-1026460749-1120 1000006 ldbsearch sudo ldbsearch -H

Quick addendum: I just stumbled upon abandoned accounts receiving "password expired" notifications forever, even if they get disabled subsequently (by me). It might be helpful to include this in the script: uAC_string=$(ldbsearch --url="${LDBDB}" -b "${domainDN}" -s sub "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$user))"

On Sun, 10 May 2015, Rowland Penny wrote: > Have you really got 19 reverse zones for your samba 4 active directory ? Yep :-) > Can you try running 'samba-tool ldapcmp ldap://<YOUR_FIRST_DC> ldap://<YOUR_SECOND_DC> Interesting. DC1 and DC2 have many differences; DC1 and DC3 are the same. Maybe I will demote DC2 and join it again. > Check if you actually have dns

I'm quite confused by this one, as I can't see how this would happen.. but after upgrading my DCs from 4.11.10 to 4.18.5, LDAP searches don't seem to work if they use the :1.2.840.113556.1.4.1941: modifier, aka LDAP_MATCHING_RULE_IN_CHAIN. (Yes, it was a fairly big version jump.. Yes, I should have upgraded much earlier.. Yes, I know 4.19.x is out now as well) Here's a search that

Op 05-11-2023 om 23:25 schreef Jonathan Hunter via samba: > I'm quite confused by this one, as I can't see how this would happen.. > but after upgrading my DCs from 4.11.10 to 4.18.5, LDAP searches don't > seem to work if they use the :1.2.840.113556.1.4.1941: modifier, aka > LDAP_MATCHING_RULE_IN_CHAIN. (Yes, it was a fairly big version jump.. > Yes, I should have

I recived this: logonCount: 0 sAMAccountName: Guest sAMAccountType: 805306368 objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=hebe,DC=us isCriticalSystemObject: TRUE memberOf: CN=Guests,CN=Builtin,DC=hebe,DC=us

On 16/09/2020 17:34, Marco Shmerykowsky via samba wrote: > I followed the instructions on the OpenVPN site for creating > the bind user: > > https://openvpn.net/vpn-server-resources/openvpn-access-server-on-active-directory-via-ldap/#Create_and_configure_a_bind_user > OK after reading the supplied link, I think I see where the miss-understanding is coming from. Under the heading

On 01/02/2020 16:29, Palle Kuling via samba wrote: > > > Queried against Samba 4.11.4 (query is for OU=Business but response is > from OU=Test): > $ldapsearch -D username at internal.xxx.yy -w password -H > ldaps://192.168.1.1 -s one -b ou=business,dc=internal,dc=xxx,dc=yy > "(&(objectCategory=person)(objectClass=user)(sAMAccountName=testadmin))" > #

Op 06-11-2023 om 14:58 schreef Jonathan Hunter: > Thank you Kees. > > On Mon, 6 Nov 2023 at 09:37, Kees van Vloten via samba > <samba at lists.samba.org> wrote: >> I am currently running at 4.19.2 but I have run 4.18.6 and 4.18.5. I did >> not experience any issues with nested group lookups, which many of the >> filters rely on. > Interestingly, I've now

On 10/05/15 16:08, Steve Thompson wrote: > Roland, > > Thank you very much for your attention to this. You should get a medal > for all the help you give everyone on this list. > > On Sun, 10 May 2015, Rowland Penny wrote: > >> Why ? And why don't they show up when you ask for the zones with >> samba-tool ? > > I have that many subnets. As for why they

On 2020-04-01 05:51, Rowland penny via samba wrote: > On 01/04/2020 09:23, Rowland penny via samba wrote: >> On 01/04/2020 08:23, Rowland penny via samba wrote: >> On 31/03/2020 >> 22:48, David Kowis via samba wrote: >>> Howdy! >>> >>>> I'm setting up a domain controller, and things are going >>> >>>> wonderfully, but

Hi, how can i get work Samba 4 Sernet 4.1.7 correctly with NIS. Ist provisioned with rfc2307. When i query a User withi get the following. getent passwd testswi SWI\testswi:*:10000:100:testswi:/home/SWI/testswi:/bin/false I want to change /bin/false to a other value /bin/bash I tried many things to change the value. 1. ldbedit -e vim -H /var/lib/samba/private/sam.ldb samaccountname=testswi